{"id":"CVE-2022-49343","summary":"ext4: avoid cycles in directory h-tree","details":"In the Linux kernel, the following vulnerability has been resolved:\n\next4: avoid cycles in directory h-tree\n\nA maliciously corrupted filesystem can contain cycles in the h-tree\nstored inside a directory. That can easily lead to the kernel corrupting\ntree nodes that were already verified under its hands while doing a node\nsplit and consequently accessing unallocated memory. Fix the problem by\nverifying traversed block numbers are unique.","modified":"2026-03-20T12:22:22.211244Z","published":"2025-02-26T02:10:59.970Z","related":["SUSE-SU-2025:1027-1","SUSE-SU-2025:1176-1","SUSE-SU-2025:1183-1","SUSE-SU-2025:1194-1","SUSE-SU-2025:1241-1","SUSE-SU-2025:1263-1","SUSE-SU-2025:1293-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49343.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/24b8206fec1db21d7e82f21f0b2ff5e5672cf5b3"},{"type":"WEB","url":"https://git.kernel.org/stable/c/3a3ce941645407cd0b0b7f01ad9e2ea3770f46cc"},{"type":"WEB","url":"https://git.kernel.org/stable/c/3ba733f879c2a88910744647e41edeefbc0d92b2"},{"type":"WEB","url":"https://git.kernel.org/stable/c/6084240bfc44bf265ab6ae7d96980469b05be0f1"},{"type":"WEB","url":"https://git.kernel.org/stable/c/b3ad9ff6f06c1dc6abf7437691c88ca3d6da3ac0"},{"type":"WEB","url":"https://git.kernel.org/stable/c/d5a16a6df2c16eaf4de04948553ef0089dee463f"},{"type":"WEB","url":"https://git.kernel.org/stable/c/e157c8f87e8fac112d6c955e69a60cdb9bc80a60"},{"type":"WEB","url":"https://git.kernel.org/stable/c/ff4cafa51762da3824881a9000ca421d4b78b138"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49343.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-49343"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"ac27a0ec112a089f1a5102bc8dffc79c8c815571"},{"fixed":"24b8206fec1db21d7e82f21f0b2ff5e5672cf5b3"},{"fixed":"b3ad9ff6f06c1dc6abf7437691c88ca3d6da3ac0"},{"fixed":"e157c8f87e8fac112d6c955e69a60cdb9bc80a60"},{"fixed":"ff4cafa51762da3824881a9000ca421d4b78b138"},{"fixed":"3a3ce941645407cd0b0b7f01ad9e2ea3770f46cc"},{"fixed":"d5a16a6df2c16eaf4de04948553ef0089dee463f"},{"fixed":"6084240bfc44bf265ab6ae7d96980469b05be0f1"},{"fixed":"3ba733f879c2a88910744647e41edeefbc0d92b2"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49343.json"}}],"schema_version":"1.7.5"}